[Bug 1325674] [NEW] w3m supports insecure cypher suites
J G Miller
miller at yoyo.ORG
Mon Jun 2 18:00:43 UTC 2014
*** This bug is a security vulnerability ***
Public security bug reported:
PRETTY_NAME="Ubuntu 14.04 LTS"
VERSION="14.04, Trusty Tahr"
Package: w3m
Priority: optional
Section: text
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Version: 0.5.3-15
Supported: 5y
Using w3m to visit the site
<https://www.howsmyssl.COM/>
reveals the following security issue --
QUOTE
Insecure Cipher Suites
Bad Your client supports cipher suites that are known to be insecure:
* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption.
* TLS_DHE_DSS_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption.
* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption.
* TLS_DHE_RSA_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption.
* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption.
* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: This cipher uses keys smaller than 128 bits in its encryption.
* TLS_RSA_EXPORT_WITH_RC4_40_MD5: This cipher uses keys smaller than 128 bits in its encryption.
* TLS_RSA_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption.
UNQUOTE
** Affects: w3m (Ubuntu)
Importance: Undecided
Status: New
** Tags: security vulnerability
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to w3m in Ubuntu.
https://bugs.launchpad.net/bugs/1325674
Title:
w3m supports insecure cypher suites
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674/+subscriptions
More information about the Ubuntu-server-bugs
mailing list